Encrypting the connection string

Posts: 497
Joined: 08-Apr-2004
# Posted on: 09-Jun-2004 12:43:51   

Hi,

We are looking at encrypting our connection strings, and I was wondering how LLBLGen works with connection strings? Is the conn. string cached, or just loaded from the config file every time the DataAdaptor needs to go to the database?

The reason I ask, is I am unsure how encrypted connection strings will affect performance. In looking into this, I found a posting made a while ago by Frans, in reply to someone who has released a conn. string encryptor:

Isn't decrypting rather slow? Or are you caching it in f.e. the application object in a webapplication? (which requires you to pass it on to your DAL with every action OR you have to make your DAL aware of the application object).

All very good questions - if it is cached then where, because you don't want to pass it to every BL, and nor do you want to make the business layer use HttpContext, in case you write a windows forms UI for example...

Any thoughts? Is there a way I can cache something like this and make it available to the BL and lower layers, without them going through HttpContext?

Otis
LLBLGen Pro Team
Posts: 39590
Joined: 17-Aug-2003
# Posted on: 09-Jun-2004 12:53:57   

By default, the DataAccessAdapter will read the connection string from the config file, each time. This is only on the first occasion a bit slow, as .NET will read the config file, parse the XML and read the data. Every next call will be very fast, as .NET has cached the parsed config file in memory.

If you want to specify the connection string yourself, you can, by using a different constructor for the DataAccessAdapter. You for example can read an encrypted string from the config file, decrypt it when the application starts and then pass the decrypted string to the DataAccessAdapter constructor.

Frans Bouma | Lead developer LLBLGen Pro
wayne
User
Posts: 611
Joined: 07-Apr-2004
# Posted on: 09-Jun-2004 13:02:45   

Hi Mat

We encrypt our conn string in the config file. You just need to adjust the dbutils.cs template to decrypt it and pass it on. - Doesn't seem to be slow.

Posts: 497
Joined: 08-Apr-2004
# Posted on: 09-Jun-2004 14:06:00   

Cheers guys. It's the constant decrypting of the data I was worried about. Wayne, do you have your code read and decrypt the config file every time it is needed, or does it read once, and cache?

Personally, I would like my code to decrypt once and store somewhere, but I don't know where to "cache it to" in the BL, any ideas?

wayne
User
Posts: 611
Joined: 07-Apr-2004
# Posted on: 09-Jun-2004 14:43:23   

Wayne, do you have your code read and decrypt the config file every time it is needed, or does it read once, and cache?

No caching yet. Haven't got that fancy yet. We decrypt it on every request.

The other option is to create a private variable in the DBUtils class - then store the decrypted string there for the lifespan of the DBUtils object. So check the var for value before decrypting. If var = empty do decrypt and store value. - But I am not sure for how long the DbUtils object exists in LLBLGen. I haven't really investigated this.

If the DBUtils object gets created per entity then it is not really worth having the priv var as you will do the decrypt and store 1 for every entity. Need to find a more globally accessible place then - if this is true.

Otis
LLBLGen Pro Team
Posts: 39590
Joined: 17-Aug-2003
# Posted on: 09-Jun-2004 15:24:53   

You can of course set the global var in the dbutils just once :) (load it and decrypt it when it is not set yet, and each time the var is required, just check if it's loaded, if not, load it, if it is, just use the current value) :)

Frans Bouma | Lead developer LLBLGen Pro
Posts: 497
Joined: 08-Apr-2004
# Posted on: 09-Jun-2004 16:46:13   

Otis wrote:

You can of course set the global var in the dbutils just once :) (load it and decrypt it when it is not set yet, and each time the var is required, just check if it's loaded, if not, load it, if it is, just use the current value) :)

Is this the same as what wayne suggested? Does the dbutils exist for the lifetime of the DataAccessAdapter, or even longer than that?

Otis
LLBLGen Pro Team
Posts: 39590
Joined: 17-Aug-2003
# Posted on: 09-Jun-2004 18:04:00   

MattWoberts wrote:

Otis wrote:

You can of course set the global var in the dbutils just once :) (load it and decrypt it when it is not set yet, and each time the var is required, just check if it's loaded, if not, load it, if it is, just use the current value) :)

Is this the same as what wayne suggested? Does the dbutils exist for the lifetime of the DataAccessAdapter, or even longer than that?

DbUtils is selfservicing only, so if you use adapter, you can control it all by passing your connection string to the DataAccessAdapter's constructor as I mentioned earlier. DbUtils is a class which is used as a static class, so no instance is created.

Frans Bouma | Lead developer LLBLGen Pro
Posts: 497
Joined: 08-Apr-2004
# Posted on: 09-Jun-2004 21:33:58   

I see - thanks!

Bposter
User
Posts: 4
Joined: 27-Sep-2004
# Posted on: 27-Sep-2004 20:16:22   

Otis wrote:

MattWoberts wrote:

Otis wrote:

You can of course set the global var in the dbutils just once :) (load it and decrypt it when it is not set yet, and each time the var is required, just check if it's loaded, if not, load it, if it is, just use the current value) :)

Is this the same as what wayne suggested? Does the dbutils exist for the lifetime of the DataAccessAdapter, or even longer than that?

DbUtils is selfservicing only, so if you use adapter, you can control it all by passing your connection string to the DataAccessAdapter's constructor as I mentioned earlier. DbUtils is a class which is used as a static class, so no instance is created.

As suggested in these posts, I am trying to extend the DataAccessAdapter to get my encrypted connection string from the registry but am not quite sure how to do it. Where do I put my new class so it doesn't get overwritten when I regenerate code? I tried adding the following constructor to my derived class:

    public MyDataAccessAdapter()
    {
        InitClass(ReadConnectionStringFromRegistry(), false, CatalogNameUsage.Default, String.Empty);
    }

but I get an error about InitClass not being accessible, as it is private. I am learning OO concepts. What is the best way to extend this class?

Otis
LLBLGen Pro Team
Posts: 39590
Joined: 17-Aug-2003
# Posted on: 28-Sep-2004 10:21:39   

Bposter wrote:

As suggested in these posts, I am trying to extend the DataAccessAdapter to get my encrypted connection string from the registry but am not quite sure how to do it. Where do I put my new class so it doesn't get overwritten when I regenerate code? I tried adding the following constructor to my derived class:

    public MyDataAccessAdapter()
    {
        InitClass(ReadConnectionStringFromRegistry(), false, CatalogNameUsage.Default, String.Empty);
    }

but I get an error about InitClass not being accessible, as it is private. I am learning OO concepts. What is the best way to extend this class?

You can add the class to whatever project you'd like, for example the databasespecific project. As it is in a separate code file, it will not be overwritten.

You shouldn't call InitClass from the constructor but simply the base class' Constructor which accepts the connection string, like this:

    public MyDataAccessAdapter() : base(ReadConnectionStringFromRegistry())
    {
    }

:)

Frans Bouma | Lead developer LLBLGen Pro
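
An added example, not part of the thread and not LLBLGen Pro's own code: one way to combine the two suggestions above, decrypting the connection string once per process and handing it to the adapter's base constructor. The class name `ConnectionStringCache`, the appSettings key, and the use of Windows DPAPI (`ProtectedData`) as the encryption scheme are assumptions; the thread does not say which scheme was used.

```csharp
using System;
using System.Configuration;             // reference System.Configuration.dll
using System.Security.Cryptography;     // ProtectedData: reference System.Security.dll
using System.Text;
// plus a using for the generated database-specific namespace that holds DataAccessAdapter

// Hypothetical helper: decrypts once per process, then serves the cached value.
public static class ConnectionStringCache
{
    // Assumed appSettings key; its value is Base64 of a DPAPI-protected UTF-8 string.
    private const string ConfigKey = "Main.ConnectionString.Protected";

    private static readonly object Sync = new object();
    private static volatile string _cached;

    public static string Value
    {
        get
        {
            if (_cached == null)
            {
                lock (Sync)   // two first callers must not both decrypt
                {
                    if (_cached == null) { _cached = Decrypt(); }
                }
            }
            return _cached;   // a failed decrypt leaves _cached null, so the next call retries
        }
    }

    private static string Decrypt()
    {
        string protectedText = ConfigurationManager.AppSettings[ConfigKey];
        if (string.IsNullOrEmpty(protectedText))
            throw new ConfigurationErrorsException("Missing appSettings key " + ConfigKey);

        // CurrentUser scope: only the account that protected the value can unprotect it.
        byte[] plain = ProtectedData.Unprotect(
            Convert.FromBase64String(protectedText), null, DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }   // clear the temporary byte copy
    }
}

// Lives in its own code file, so regenerating the LLBLGen code does not overwrite it.
public class MyDataAccessAdapter : DataAccessAdapter
{
    public MyDataAccessAdapter() : base(ConnectionStringCache.Value) { }
}
```

Because the cache is a plain static member, business-layer code and a Windows Forms front end get the string without touching HttpContext. The decrypted string then stays in process memory for the lifetime of the application.
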
Posts: 1
Joined: 27-Jun-2006
# Posted on: 27-Jun-2006 17:54:50   
  1. I am using Self Servicing and I want to modify the DBUtils.vb file to handle decrypting the connection string. I am at this function:

    Public Function CreateConnection() As SqlConnection
        If ActualConnectionString = String.Empty Then
            ' read the connection string from the *.config file.
            Dim configReader As New AppSettingsReader()
            ActualConnectionString = configReader.GetValue(connectionKeyString, GetType(string)).ToString()
        End If
        Return CreateConnection(ActualConnectionString)
    End Function

I'm going to change the line that sets 'ActualConnectionString' to something that does the decrypting but I'm a little scared of the comments at the top of the file that say my changes could be lost when I regenerate the LLBLGen layer. It says:

"it is recommended that you inherit from this class to extend the functionality of this generated class or you modify / extend the templates used to generate this code."

What is the best way of doing this? I'm going to have a function in my App_Code folder that does all of the fancy decrypting, I just want to be sure that I don't have to keep making this change to DbUtils.vb, I regenerate the LLBLGen stuff a lot! :-)

  2. Do I have to change DbUtilsComPlus.vb? This is an ASP.NET 2.0 app.
Walaa
Support Team
Posts: 14946
Joined: 21-Aug-2005
# Posted on: 28-Jun-2006 14:06:05   

You may modify the dbUtils template, it should be an easy task to alter it and use your copy in a custom template set.